(19) Europäisches Patentamt
     European Patent Office
     Office européen des brevets

(11) EP 1 071 253 A1

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 24.01.2001 Bulletin 2001/04

(21) Application number: 00305840.1

(22) Date of filing: 11.07.2000

(51) Int. Cl.7: H04L 29/06

(84) Designated Contracting States:
     AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE
     Designated Extension States:
     AL LT LV MK RO SI

(30) Priority: 20.07.1999 US 357679

(71) Applicant:
     LUCENT TECHNOLOGIES INC.
     Murray Hill, New Jersey 07974-0636 (US)

(72) Inventor: Serkowski, Robert J.
     80020 Colorado (US)

(74) Representative:
     Williams, David John et al
     Page White & Farrer,
     54 Doughty Street
     London WC1N 2LS (GB)

(54) Securing feature activation in a telecommunication system 

(57) Periodically sending by a telecommunication controlled application an encrypted message to a license server to request permission to run and to obtain a list of permitted features. The license server application is executing on the same processor as the controlled application. Also resident on the same system is a license file which contains a list of applications that are permitted to run, the version number of the permitted applications and a list of permitted features. The license server is responsive to the encrypted message from the controlled application to read and decrypt the license file, read the serial number of the processor controlling the telecommunications system, compare the serial number obtained from the processor with the serial number stored in the license file. If there is a mis-match, no license is granted to the control applications and it will not be allowed to run. If the serial numbers match, then a comparison is made between the version number received from the application and the corresponding version number associated with the application in the license file. If the version number mis-matches, an encrypted message is sent to the application denying it permission to run. If the version number matches, an encrypted message is sent to the application granting it permission to run and listing the permitted features. To decrypt the license file, the license server utilizes a key that is assigned to the license server either globally or on a per system basis.

Description

Technical Field

[0001] This invention relates to the securing of programs and tables and, in particular, to protecting actuation of features and software within a telecommunication switching system.


[0002] Within the prior art, it is well known to sell or lease software both from the point of view of the basic program and from the features that the program is allowed to implement. Normally, each release or version of a particular software package for a customer premise telecommunication switching system contains a large number of features; however, the customer chooses and pays for only a subset of the total number of features. Features in a telecommunications switching system refer to certain specialized operations such as call hold, call transfer, automatic route selection, etc. An ongoing problem in the art is to prevent newer versions of the software from being pirated and used on unauthorized switching systems or the customer actuating features for which the customer has not paid. Within telecommunications switching systems in the prior art, these problems have been addressed by using passwords that only allow authorized individuals to have access to the telecommunication switching system for enabling features or new software versions.

[0003] The problem of securing software is a common problem throughout the computer industry as well. Three methods have been utilized to address this problem. One is to distribute the software utilizing a CD-Rom and to include a key that must be entered to enable the software program. This solution does not solve the copying problem since the key is normally printed on the CD-Rom cover, and anyone can install the software as many times as they wish, however illegal it may be. A second method is to use a special piece of hardware that is commonly referred to as "dongle". The dongle is a special piece of hardware that connects to the serial or parallel port of the computer. The software executing on the computer sends a random number to the dongle. The dongle performs a secret computation and returns a result. The software makes a like computation; if the two computations match, the software continues to run. To work satisfactorily, the response must include feature and version information. The use of the dongle is cumbersome when it fails. If the dongle fails, then the system is down until a new dongle can be physically obtained on site. Also, once made, the dongle is fixed. If it was used for feature activation, a new dongle is required for each additional feature that is purchased.

[0004] A third method (as described in PC Magazine, p. 35, December, 1998) is to freely distribute the CD-Rom disks. When the CD-Rom is inserted into a computer, the computer automatically connects to a remote server via the Internet or a dial up connection to receive a machine-specific key. The key unlocks the software so that it can be utilized on that computer. The remote server also obtains the necessary payment information from the computer user. The third method does not function well for a telecommunication switching system since it does not provide for the authorization to use different features of the same software application nor is it dependent on the version of the software being requested. In addition, it does not provide the necessary authorization of personnel to make such a request.


Summary of the Invention

[0005] A departure in the art is achieved by an apparatus and method where a controlled application, such as a telecommunication application, periodically sends an encrypted message to a license server to request permission to run and to obtain a list of permitted features. The license server application is executing on the same processor as the controlled application. Also resident on the same system is a license file which contains a list of applications that are permitted to run, the version number of the permitted applications and a list of permitted features. The license server is responsive to the encrypted message from the control application to read and decrypt the license file, read the serial number of the processor controlling the telecommunications system, compare the serial number obtained from the processor with the serial number stored in the license file. If there is a mis-match, no license is granted to the control applications and it will not be allowed to run. If the serial numbers match, then a comparison is made between the version number received from the application and the corresponding version number associated with the application in the license file. If the version number mis-matches, an encrypted message is sent to the application denying it permission to run. If the version number matches, an encrypted message is sent to the application granting it permission to run and listing the permitted features. To decrypt the license file, the license server utilizes a key that is assigned to the license server either globally or on a per system basis.

[0006] Other and further aspects of the present invention will become apparent in the course of the following description and by reference to the accompanying drawing.

Brief Description of the Drawing

[0007] Referring now to the drawing:

FIG. 1 illustrates, in block diagram form, the arrangement of software within telecommunication switching system 100;

FIG. 2 illustrates, in flow chart form, the steps performed by a license server; and

FIG. 3 illustrates, in flow chart form, steps performed by a remote database.

Detailed Description

[0008] FIG. 1 illustrates telecommunications switching system 100 interconnected to public telephone network 104. Telecommunications switching system 100 includes telephone sets 106-107. The features and operations provided by telecommunication switching system 100 to telephones 106-107 and its interactions with public telephone network 104 are well known in the art. Control processor 102 executes call control application 114 via operating system 111 to perform the telecommunication functions and features. Control processor 102 communicates with switching network 103 via LAN 110. One skilled in the art could readily envision that control processor 102 could communicate with switching network 103 via a direct connection such as a connection via the processor bus of control processor 102. Operating system 111 is a conventional operating system allowing for the execution of applications such as call control application 114 and for the intra-application communication of messages. Personal computer (PC) 120 is utilized by service personnel to administer telecommunication switching system 100. These functions of the service personnel will be described later. Switching network 103 provides all of the necessary telecommunication switching and interfacing that is required in telecommunication switching system 100. Modem 108 is directly connected to control processor 102 so that control processor 102 can contact remote database 109 via public telephone network 104. One skilled in the art could readily envision that modem 108 could be interconnected to control processor 102 via LAN 110. Similarly, remote database 109 can establish a communication channel with control processor 102 via public telephone network 104 and modem 108.

[0009] In accordance with the invention, at initialization and periodically during its execution, call control application 114 sends an encrypted message to license server 113 via operating system 111. The encrypted message requests permission to run and to obtain a list of permitted features. The encrypted message also includes the version number for call control application 114. License server 113 is responsive to the encrypted message to access license file 112. License server 113 decrypts license file 112 in order to obtain the list of permitted features, version number of call control application 114, and the serial number of control processor 102. License server 113 via operating system 111 then reads the serial number from control processor 102. License server 113 then compares the serial number obtained from license file 112 and the serial number from control processor 102. If there is a match, license server 113 then compares the version number received from call control application 114 with the version number contained in license file 112. If there is a match, license server 113 transmits an encrypted message to call control application 114 informing it that it can run and the features that may execute. In addition, license file 112 can contain an expiration date that license server 113 checks to see if it has expired. If the expiration date has expired, license server 113 will not give call control application 114 permission to execute. Note, that any other applications running on telecommunication switching system 100 can utilize the same mechanism as call control application 114 to determine if they are to be allowed to execute and what options they may execute.

[0010] License file 112 must be obtained from remote database 109. Similarly, password file 116 must also be provided by remote database 109. Password file 116 allows a user utilizing PC 120 to gain access and to perform certain operations with respect to telecommunication switching system 100. An example of a common task that a service person might perform via PC 120 would be to shut telecommunication switching system 100 down or perform routine maintenance functions. Remote database 109 can initialize the downloading of license file 112 via public telephone network 104 and modem 108. When this downloading occurs, control processor 102 will execute system application 117 to properly store the license file in license file 112 as illustrated from remote database 109. Similarly, control processor 102 can also automatically request the license file 112 from remote database 109. In addition, a user of PC 120 can request a copy of the license file by logging on to remote database 109 via public telephone network 104. The PC 120 then loads the license file into memory 101 via LAN 110 and control processor

[0011] When a request is made of remote database 109 for a copy of the license file, remote database 109 verifies the identity of the entity requesting the copy, accesses the file defining the serial number, feature and version numbers that should be included in the license file and the password file, and then transmits the copy of the license file to telecommunication switch-

the steps performed by license server 113 in response to an encrypted message from call control application 114. The receipt of the encrypted message is detected by block 200 which transfers control to block 201. The latter block reads the serial number from control processor 102 before transferring control to decision block 202. The latter decision block verifies that a serial number has been read from control processor 102. If an error occurs, control is transferred to block 203 which logs an error before transferring control to block 213. Block 213 formulates a message indicating that call control application 114 can not execute and transfers this to block 309 of FIG. 3 whose operation will be described later. Returning to decision block 202, if an error has not occurred, license file 112 is read. Decision block 206 verifies that an error did not occur in the reading of license file 112 from memory 101. If an error did occur, control is transferred to block 207 which logs the fact that an error occurred before transferring control to block 213. If an error did not occur, control is transferred to block 208 which formulates the key to be utilized in decrypting license file 112. One skilled in the art could readily envision that license file 112 could be encrypted with more than one key, and that block 208 would need to formulate all of the necessary keys. After license file 112 has been decrypted, control is transferred to block 211 which compares the serial number stored by license server 113 and the serial number read from control processor 102. Decision block 212 determines if an error or mis-match has occurred in the comparison of the serial numbers. If the answer is yes, control is transferred to decision block 213. If the answer is no in decision block 212, control is transferred to block 301 of FIG.

[0013] Block 301 obtains the present date and time before transferring control to decision block 302. The latter decision block compares the present date and time with that read from license file 112 to determine if the execution of call control application 114 has expired. If the answer is yes, control is transferred to block 307 which formulates a denial to be sent back to call control application 114 before transferring control to block 309. If the answer is no in decision block 302, control is transferred to block 303 which determines the information being requested by call control application 114 before transferring control to block 304. Block 304 decrypts the message that had been received from call control application 114. In particular, it verifies that the version number being requested by call control application 114 are allowed by the information that is in license file 112. After performing these operations in block 304, control is transferred to block 306 which determines if the requested information and version number mis-match. If the answer is yes, control is transferred to block 307.

[0014] If the answer is no in decision block 306, control is transferred to block 308 which formulates a response to be transmitted to call control application 114 informing it of the features that it may execute before control is transferred to block 309. Block 309 encrypts the various messages received either from block 213, block 308, or block 307 before transferring control to block 311. Block 311 transmits the encrypted message to call control application 114 via operating system 111.
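
The decision sequence of FIGS. 2 and 3 as described in paragraphs [0012] to [0014], written out as an added example; it is not code from the patent or from any Lucent product. The record layout, the names `handle_request`, `seal_license` and `open_license`, the serial number and the key are constructed; an HMAC-SHA256 tag stands in for the license-file encryption, which the text does not specify, and the encrypted transport of blocks 200, 309 and 311 is left out.

```python
import hashlib
import hmac
import json
from datetime import date

SERVER_KEY = b"constructed-demo-key"  # constructed; the patent assigns it globally or per system


def seal_license(record, key=SERVER_KEY):
    """Build a license file: an HMAC-SHA256 tag line followed by the JSON body."""
    body = json.dumps(record, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"\n" + body


def open_license(blob, key=SERVER_KEY):
    """Stand-in for key formulation (block 208) and decryption: verify, then parse."""
    tag, _, body = blob.partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("license file failed verification")
    return json.loads(body)


def handle_request(app, version, license_blob, read_serial, today):
    """Return the reply for one permission request; every failure path denies."""
    def deny(reason):
        # Blocks 213 and 307: tell the application it may not run.
        return {"app": app, "run": False, "features": [], "reason": reason}

    try:
        serial = read_serial()                          # block 201
    except OSError:
        return deny("serial number unreadable")         # decision block 202
    try:
        lic = open_license(license_blob)                # blocks 204, 206, 208
        if serial != lic["serial"]:                     # blocks 211, 212
            return deny("serial number mismatch")
        if today > date.fromisoformat(lic["expires"]):  # blocks 301, 302
            return deny("license expired")
        entry = lic["apps"].get(app)                    # blocks 303, 304, 306
        if entry is None or entry["version"] != version:
            return deny("application or version not licensed")
        features = list(entry["features"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return deny("license file unreadable")
    # Block 308: grant permission and list the permitted features.
    return {"app": app, "run": True, "features": features, "reason": "ok"}


# Constructed sample license for a constructed serial number and application name.
LICENSE = seal_license({
    "serial": "SN-0001",
    "expires": "2001-12-31",
    "apps": {"call_control": {"version": "8.1",
                              "features": ["call_hold", "call_transfer"]}},
})

if __name__ == "__main__":
    print(handle_request("call_control", "8.1", LICENSE, lambda: "SN-0001", date(2000, 7, 11)))
    print(handle_request("call_control", "8.1", LICENSE, lambda: "SN-9999", date(2000, 7, 11)))
```

Every error path returns a denial, so a missing, unreadable or altered license file cannot be turned into a grant.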

Claims 

1. A method for protecting actuation of a plurality of features and a plurality of controlled applications, comprising the steps of:

    sending (200) a first message to a license server, by one of the plurality of controlled applications, requesting permission to continue execution and identification of ones of the plurality of features that are to be provided by the one of the plurality of controlled applications;

    CHARACTERIZED BY

    obtaining (201), by the license server, a first serial number of a processor on which both the license server and the one of the plurality of controlled applications are executing;

    accessing (204), by the license server, a license file to obtain a second serial number of a processor on which the one of the plurality of controlled applications is allowed to execute and identification of an allowed set of the plurality of features that the one of the plurality of controlled applications is to provide;

    comparing (211), by the license server, the first serial number with second serial number;

    transmitting (308), by the license server, a second message to the one of the plurality of controlled applications indicating that the one of the plurality of controlled applications can continue execution and including identification of the allowed set of the plurality of features upon the first serial number and second serial number being equal;

    continuing execution (114), by the one of plurality of the controlled applications, in response to the second message; and

    providing (114) the allowed set of the plurality of features in response to the second message by the one of the plurality of controlled applications.

2. The method of claim 1 wherein the step of sending comprises the step of including a first version number of the one of the plurality of controlled applications in the first message;

    the step of accessing comprises the step of reading a second version number from the license file of a set of the plurality of controlled applications that are allowed to execute on the processor defined by the first serial number;

    the step of comparing further compares the first version number with the second version number; and

    the step of transmitting further transmits the second message upon the first serial number and second serial number being equal and the first version number and the second version number being equal.

3. The method of claim 2 wherein the license file is encrypted and the step of accessing further comprises the step of decrypting the license file.

4. The method of claim 3 wherein the first message is encrypted and the step of obtaining further comprises the step of decrypting the first message.

5. The method of claim 4 wherein the first and second messages are communicated via an operating system.

6. The method of claim 3 wherein the second message is encrypted and the step of continuing execution comprises the step of decrypting the second message.

7. The method of claim 6 wherein the first and second messages are communicated via an operating system.

8. The method of claim 1 wherein the step of transmitting further transmits a third message to the one of the plurality of controlled applications indicating that the one of the plurality of controlled applications should cease execution upon the first serial number and second serial number not being equal.

9. The method of claim 8 further comprises the step of ceasing execution, by the one of the plurality of controlled applications, upon receipt of the third message.

10. Apparatus for protecting actuation of a plurality of features and a plurality of controlled applications comprising means adapted to carry out the steps of a method as claimed in any of the preceding claims.